Date: Mon, 20 Jul 1998 12:37:38 -0600
From: Brett Glass <brett@lariat.org>
To: Alexandre Snarskii <snar@paranoia.ru>, Alexandre Snarskii <snar@paranoia.ru>
Cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807201837.MAA21687@lariat.lariat.org>
In-Reply-To: <19980720222613.37562@nevalink.ru>
References: <199807201714.LAA19993@lariat.lariat.org> <199807200148.TAA07794@harmony.village.org> <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <19980720152932.42290@nevalink.ru> <199807201714.LAA19993@lariat.lariat.org>

At 10:26 PM 7/20/98 +0400, Alexandre Snarskii wrote:

>Can you release kernel patches to realise hardware-level protection ?
>( I'm not an experienced kernel programmer, and have no enough time
>to learn kernel internals, sorry :( )

The patches would have to be both to the kernel and the compiler, since the changes would change the machine's segmentation model. I can't give you an instant evaluation of how extensive they would be; it depends on how many programs and kernel routines are coded with the assumption that the world is totally "flat."

>PS: btw, non-executable stack don't protect against return-into-libc
>attack ( as demonstrated by Rafal Wojtczuk in bugtraq against
>Solar Designer's patch ).

Segmentation would also guard against another exploit, by the way: jumping into the middle of a routine to the point just after a security check. I'm SURE that there are holes like this that haven't been exploited yet.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message